On Fri, 2007-11-16 at 16:34 -0800, Casey Schaufler wrote: > --- "David P. Quigley" <dpquigl@xxxxxxxxxxxxx> wrote: > > > When a caller wishes to get pull the extended attribute name for the security > > module for use they normally concatinate the security namespace segment and > > the > > suffix provided by the lsm. This hook provides a mechanism to obtain the full > > LSM xattr name. The patch also provides implementations for the dummy > > security > > module and SELinux. > > What is the problem with the concatination scheme currently in > use? I'm not going to defend it, but why change it? Well the current getsuffix call has been removed by a patch submitted by Adrian Bunk I think. Regardless it is no longer in the stable kernel and other places in the xattr code take the xattr that they receive and then pass an offset into it for the component. There are examples of this method in the kernel already and it seems better to do this rather than concatenating them. Pointer + offset as opposed to string concatenation. Dave > > > Signed-off-by: David P. Quigley <dpquigl@xxxxxxxxxxxxx> > > Signed-off-by: Matthew N. Dodd <Matthew.Dodd@xxxxxxxxxx> > > --- > > include/linux/security.h | 7 +++++++ > > security/dummy.c | 6 ++++++ > > security/security.c | 6 ++++++ > > security/selinux/hooks.c | 6 ++++++ > > 4 files changed, 25 insertions(+), 0 deletions(-) > > Please cross post proposed LSM changes to the LSM mailing list. > > > > Casey Schaufler > casey@xxxxxxxxxxxxxxxx -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
